[midPoint] Synchronization: no focus deletion after account deleted on HR
Ivan Noris
ivan.noris at evolveum.com
Mon Jul 6 11:51:53 CEST 2015
Hi Giovanni,
thanks. As it seems, Pavol has just pointed out the real issue - the
inability to detect deletes in DBTable connector - as the connector is
watching for modifications and delete means the record just dissapears.
This also explains why the discovery has been when editing the user...
during fetching account, it was detected as deleted (situation DELETED),
so the synchronization has been started and the (just edited) user was
deleted causing the error.
If you add some column for marking "deleted" accounts in DBTable, you
could synchronize these to midPoint as disabled and the user and all
corresponding accounts would be disabled (but not deleted).
The other way is reconciliation as Pavol has recommended, to detect the
deleted accounts and react.
In most deployments (regardless of the input feed being database table,
CSV export or other data) customers usually have flags to distinguish
former employees, or flags regarding the maternity leave etc. on which
you can react by disabling the User and all his/her accounts.
But off course, having the accounts deleted from DB table is OK too, but
the connector will not detect them using LiveSync, but Reconciliation
will work.
Regards,
Ivan
On 07/06/2015 11:13 AM, Giovanni Rosavini wrote:
> Hello Ivan,
>
> here is the task. It was mostly a copy of the one available in
> "samples/resources/opendj/opendj-localhost-resource-sync-advanced.xml".
>
> Thanks,
> Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>
>
> *nova systems roma / nsr*
>
> via della foce micina, 74
> 00054 Fiumicino (RM) - Italia
> t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
> f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>
>
> web: http://www.nsr.it <http://www.nsr.it/>
> Il 06/07/2015 10:58, Ivan Noris ha scritto:
>> Hi Giovanni,
>>
>> quick and stupid question: is Livesync task running? How often?
>>
>> Thanks,
>> Ivan
>>
>> On 07/06/2015 10:55 AM, Giovanni Rosavini wrote:
>>> Hello Pavol,
>>>
>>> I'm sorry, I accidentally disabled some of the loggers while testing
>>> another scenario. Now I have changed my settings enabling the
>>> logging for Model (attached is my System Configuration).
>>> Here is the test I made:
>>>
>>> * at 10:32 I deleted my user from HR;
>>> * at 10:33 I listed the users in the GUI: the to-be-deleted user
>>> was still there;
>>> * at 10:34 I tried to access the user details from the GUI,
>>> receiving the "user not found" error.
>>>
>>> I previously forgot to mention that I am using Midpoint version 3.1.1.
>>>
>>> Thank you for your help
>>>
>>> Best regards,
>>>
>>> Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>
>>>
>>> *nova systems roma / nsr*
>>>
>>> via della foce micina, 74
>>> 00054 Fiumicino (RM) - Italia
>>> t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
>>> f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>
>>>
>>> web: http://www.nsr.it <http://www.nsr.it/>
>>> Il 06/07/2015 09:29, Pavol Mederly ha scritto:
>>>> Hello Giovanni,
>>>>
>>>> I've looked at your resource configuration and your log, but so far
>>>> I don't see the cause of the behavior you observe.
>>>>
>>>> However, we could perhaps help you more if you could send us
>>>> complete log files. First of all, I think the current log describes
>>>> only the "discovery" part of the process (and shows that midPoint
>>>> correctly decided to delete the user). What would be more useful is
>>>> the log covering the situation when you delete the row in DB,
>>>> execute the LiveSync cycle and observe that no reaction is
>>>> performed. Also, currently there seems to be only logs from the
>>>> Projector. Could you enable the TRACE logging for the whole Model
>>>> component?
>>>>
>>>> Best regards,
>>>> Pavol
>>>>
>>>> On 3. 7. 2015 17:40, Giovanni Rosavini wrote:
>>>>> Hi,
>>>>>
>>>>> I have a problem with synchronization against a DB read-only
>>>>> resource (my "HR" resource).
>>>>> When a new row is inserted in HR, Midpoint reacts and correctly
>>>>> creates the relative user (inbound mappings evaluations and object
>>>>> template application are OK), but when a row is deleted no
>>>>> reaction is performed; also, when I try to access the user in the
>>>>> GUI, discovery occurs and I receive the error message: "Object of
>>>>> type 'UserType' with oid 'ffa976d3-1700-476f-a6ba-a1d8c7f0875e'
>>>>> was not found".
>>>>> In the attachments you can find the relevant log lines and the
>>>>> resource configuration.
>>>>>
>>>>> Can you please help us?
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>> --
>>>>> Giovanni Rosavini <g.rosavini at nsr.it <mailto:g.rosavini at nsr.it>>
>>>>>
>>>>> *nova systems roma / nsr*
>>>>>
>>>>> via della foce micina, 74
>>>>> 00054 Fiumicino (RM) - Italia
>>>>> t. +39 06 6504 7521 <tel:%2B39%2006%206504%207521>
>>>>> f. +39 06 6504 7519 <tel:%2B39%2006%206504%207519>
>>>>>
>>>>> web: http://www.nsr.it <http://www.nsr.it/>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> --
>> Ing. Ivan Noris
>> Senior Identity Management Engineer & IDM Architect
>> evolveum.com evolveum.com/blog/
>> ___________________________________________________
>> "Semper Id(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150706/f1b94023/attachment.htm>
More information about the midPoint
mailing list